Skip to main content

Seven VPN apps accused of exposing more than a terabyte of private data

A group of free VPN apps reportedly exposed a treasure trove of private data of millions of users. Discovered by vpnMentor, a total of seven VPN providers, all of which explicitly claimed they didn’t record their users’ activities, left more than a terabyte of browsing logs out in the open for anyone to access.

The leaked data silo housed a wide range of sensitive data, some of which was personally identifiable too. VpnMentor claims it included records of the websites users visited, plain-text passwords, PayPal payment information, device specifications, email addresses, and more.

Recommended Videos

While the data since then has been taken down, vpnMentor was independently able to confirm the data was channeled from these VPN apps by browsing through new accounts and cross-verifying it with the updated database.

Please enable Javascript to view this content

In addition, all of the affected VPN apps are owned by the same Hong Kong-based parent company and were simply rebranded versions of the same VPN service. They were distributed under variations of generic names such as Super VPN, Fast VPN, Flash VPN, and more — a pattern commonly found in such data leak incidents. Most of them had more than 10 million downloads on the Google Play Store and iOS App Store and their listings haven’t been pulled yet.

We’ve reached out to Google and Apple for more information and we’ll update the story when we hear back.

“We do not track user activities outside of our Site, nor do we track the website browsing or connection activities of users who are using our Services,” one of them called UFO VPN boldly wrote in its privacy policy.

A spokesperson for UFO VPN argued that the database didn’t feature any personal information, and that the coronavirus prevented its staff from securing the server. The email addresses, they added, were of users who had sent them feedback and accounted for less than 1% of the entire data.

“Due to personnel changes caused by COVID-19, we‘ve not found bugs in server firewall rules immediately, which will lead to the potential risk of being hacked. And now it has been fixed,” the spokesperson told vpnMentor.

VPN apps are capable of monitoring your internet traffic and hence, it’s key to ensure the one you’ve installed has a secure infrastructure in place. If you were using any of these affected apps, here are a few alternatives.

Shubham Agarwal
Former Digital Trends Contributor
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
Ring’s Neighbors app gets more transparent with latest update
amazon drops the price for ring video doorbell 2 and throws in an echo dot with 4

Ring's Neighbors app is a tremendous add-on for Ring product owners but is also available for free on any iOS or Android device. Built from the ground up, the Neighbors service allows users to receive and post safety information with one another, in addition to public safety agencies that serve those communities. Utilizing posted content from regular Neighbors users and law enforcement agencies, the app offers a massive peace-of-mind solution by keeping communities informed and connected -- although, the means by which law enforcement has used the service to solicit information from users has been a point of contention.

Up until now, police, fire, and other investigative public services have had the ability through Ring to request device owners to send recorded video to investigative units with a Neighbors function called Video Requests. During community investigations, device owners would receive private emails from law enforcement seeking surveillance footage from their Ring hardware -- a solicitation that Ring owners could choose to accept or ignore. By changing privacy settings, users could also completely opt out of Video Requests altogether.

Read more
Apple’s Mac Catalyst apps are more important than ever, and they still need work
Apple's Podcasts app on MacOS Big Sur

The Apple Silicon transition is incoming, and with it, a wealth of mobile apps that should automatically run on new Macs. That doesn't mean these apps will offer great experiences on day one, though.

One of the solutions is a project called Mac Catalyst, which is Apple's way of helping developers port iPad apps over to the Mac. But even Apple’s own Mac Catalyst apps have had a rocky start since the first ones launched in 2018 with MacOS Mojave. They improved in MacOS Catalina, but still left me unconvinced about the future of the platform.

Read more
Xiaomi defends against accusations of collecting customers’ private data
xiaomi denies accusations collecting private data redmi note 8t

Xiaomi defended itself against accusations that the Chinese smartphone manufacturer was secretly collecting private data, claiming that the privacy and security of its customers is its "top priority."

Cybersecurity researcher Gabi Cirlig claimed that much of what he was doing on his Xiaomi Redmi Note 8 was being tracked, with the data sent to remote servers, Forbes reported. Cirlig said that the smartphone's default browser, Xiaomi's Mint, recorded the websites he visited, while the device also monitored activity such as opening folders and swiping screens.

Read more